Over 6,500 web-based shops have been affected in a massive online hack attack. As part of the breach, targeted at the cloud-hosted online provider, Volusion, cyber thieves managed to implement malicious code, getting hold of valuable data in the process.
Volusion stated last month that they have around 20,000 customers, meaning over a third of its client base has been impacted by the violation.
Security and the cloud
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb has commented on the breach. He says: “One more sharp reminder about the immense security risks related to third-parties and cloud. Properly implemented continuous security monitoring could have prevented this incident, however, until the formal investigation is over it would be premature to make any conclusions. One thing is clear, Volusion, breached stores, their customers and banks that issued the compromised cards, are doomed for an expensive and protracted litigation with numerous counter and cross claims.”
Stealing private data online is known by professionals as Magecart attacks or webcart skimming. Experts claim that this kind of violation is experiencing a major increase right now, with security firm RiskIQ noting that over 18,000 Magecart attacks happened in the last few months alone.
RiskIQ also suggest that as e-commerce companies often don’t have access to the core code that runs their businesses, they become easy victims of these kind of attacks. This is because hackers are able to remain undetected in servers for long periods of time.
“Skimming code can exist on a breached website for weeks, months, or even indefinitely, victimizing any visitor that makes purchases on that site,'” writes RiskIQ.
Volusion have not yet made comment on the issue.